Cyber Security 2017: A Year of Living Dangerously

Cybercriminals are becoming better organized and more sophisticated in their exploits. That’s causing enterprises to increase spending to protect their most valuable assets.

The average cybersecurity investment will grow around 15 percent a year through 2021, predicts Cybersecurity Ventures. Some organizations are spending even more. J.P. Morgan Chase doubled its annual cyber security budget to half a billion dollars.

Such increases demonstrate the magnitude of the problem. Here’s what you can expect in 2017:

  1. Phishing Attacks More Frequent and Virulent

    Last year the number of phishing attacks increased dramatically. That’s likely to continue. On average, 200,000 malware samples were discovered every day last year, according to the non-profit Anti-Phishing Working Group.

    These attacks are becoming more multifaceted and difficult to block. They combine phishing with other criminal techniques, including ransomware, remote execution and privilege escalation.

  2. Too Few Adopt Multifactor Authentication

    Multifactor authentication is a powerful way to block attackers. It requires users to present different forms of identification before logging in — for example, a username and password plus fingerprint. Fortunately, a growing number of websites now support two-factor authentication.

    But unfortunately, adoption of multifactor authentication is likely to remain low. As a result, attacks like the recent Yahoo! breach, in which attackers leveraged poor account authentication, are likely to become even more common this year. Even the best protections can’t work if users won’t employ them.

  3. Dangerous Duo of IoT Botnets + DDoS Attacks

    The Internet of Things is proving to be a field day for hackers. One of their more potent techniques combines familiar distributed denial of service (DDoS) attacks with IoT botnets that can penetrate embedded devices like IP-enabled surveillance cameras and routers.

    Many organizations will find that their endpoint protection and firewalls are increasingly vulnerable. That’s because most IoT breaches operate under the radar of these security measures. It will be some time before most security pros can effectively track and prevent IoT exploits.

  4. Memory-resident Malware Unabated

    Memory-resident malware loads its malicious code into the memory space of either a legitimate process or file. The code stays there until it’s triggered. That’s bad enough. But memory-resident malware can also be used to trigger zero-day attacks, in which hackers plan attacks before or on the day when a vulnerability is publicly reported, making them almost impossible to prevent.

    To be sure, there’s a very easy way to wipe out this type of malware: simply reboot the infected system. But with most PCs far more stable than ever, people run their machines longer, relying on sleep mode and saving reboots only for system updates. That gives these infections more time to do their worst.

  5. Security Operations Remain a Concern

    In-house security operations centers (SOCs) may sound like a good protective measure. But in fact, many are playing a dangerous game of catch-up.

    A recent security report finds that one in four SOCs is reactive rather than proactive. The survey also found that most SOCs use ad-hoc triage procedures and nearly all are overwhelmed by the sheer number of daily alerts.

    Rather than trying to do it all on their own, many IT departments are turning to managed security services.

    Masergy offers managed security solutions that apply advanced analytics to filter customers’ security alerts and reduce the number of false positives that IT departments must deal with. Our Security Control Center experts provide 24x7 monitoring of customer networks to help detect and mitigate security breaches in record time.

    To learn more about managed security services, read our white paper: There’s Help for CISOs Overwhelmed By Cyber Security Threats

About Mike Stute

Chief Scientist, Masergy
Mike Stute is Chief Scientist at Masergy Communications and is the chief architect of the Unified Enterprise Security network behavioral analysis system. As a data scientist, he is responsible for the research and development of deep analysis methods using machine learning, probability engines, and complex system analysis in big data environments. Mike has over 22 years of experience in information systems security and has developed analysis systems in fields such as power generation, educational institutions, biotechnology, and electronic communication networks.
